Troubleshooting IKE······································································································································· 375
Configuring IKEv2 ······················································································ 380
Overview ························································································································································ 380
IKEv2 negotiation process ····················································································································· 380
New features in IKEv2 ···························································································································· 381
Protocols and standards ························································································································ 381
IKEv2 configuration task list ··························································································································· 381
Configuring an IKEv2 profile ·························································································································· 382
Configuring an IKEv2 policy ··························································································································· 385
Configuring an IKEv2 proposal ······················································································································ 386
Configuring an IKEv2 keychain ······················································································································ 387
IKEv2 configuration examples ······················································································································· 390
Troubleshooting IKEv2 ··································································································································· 397
Configuring SSH ························································································ 399
Overview ························································································································································ 399
How SSH works ····································································································································· 399
SSH authentication methods ·················································································································· 400
SSH support for Suite B ························································································································· 401
FIPS compliance ············································································································································ 401
Generating local key pairs ······················································································································ 402
Enabling the Stelnet server ···················································································································· 403
Enabling the SFTP server ······················································································································ 403
Enabling the SCP server ························································································································ 404
Enabling NETCONF over SSH ·············································································································· 404
Configuring an SSH user ······················································································································· 406
Disconnecting SSH sessions ················································································································· 409
Generating local key pairs ······················································································································ 409
Generating local key pairs ······················································································································ 414
ix